There is already ssl certificate on the server, the issue is it works fine if someone writes website as borroup.com but when write www.borroup.com it says connection not secure. Im not sure how to access the cert from the server to config the issue.
borroup.com
www.borroup.com
here is the sudo ls /etc
I tried this
sudo certbot --nginx -d borroup.com -d www.borroup.com
and this
sudo ./letsencrypt-auto --apache -d borroup.com -d www.borroup.com
i kept getting command not found
command not found
Related
Creating certificates for elasticSearch install via docker-compose.
Gets an error 'Mac verify error: Invalid Password?' while running the command: sudo docker-compose -f create-certs.yml run --rm create_certs
I'm creating the certificates again as faced an issue during initial setup. Is this error of any concern for the setup?
Also, when i run openssl pkcs12 -info -in /home/elastic/es11/es11/es11.p12 and enters the password. get below error :
Enter Import Password:
MAC Iteration 10000
Mac verify error: invalid password?
My BBB secret is valid and is the same for Greenlight .env file.
All of a sudden, I got the error
Server Error - Invalid BigBlueButton Endpoint and Secret
and when I run:
docker run --rm --env-file .env <container-image> bundle exec rake conf:check
I get:
Checking environment: Passed
Checking Connection: Failed
Error connecting to BigBlueButton server - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (certificate has expired)
I have manually updated the certificate of my Ubuntu server but the error still persists. My BBB version 2.2.9.
While browsing online, I read that you have to log into your container using bash by typing:
docker exec -it <container-id> /bin/bash
and trying to download a certificate (somewhere they was mentioned https://curl.haxx.se but I am not 100% sure about the URL). However curl in the docker container also complains about an SSL error.
The issue was caused because of an expired Let's Encrypt SSL certificate. More information can be found here. Removing the certificate and updating the certificates resolves the issue.
I'm trying to get a Blazor Web Assembly app up and running with authentication for deployment on Digital Ocean, but I can't for the life of me seem to load a .pfx cert to pass it to Identity Server when trying to run within docker container.
I load and pass the certificate in Startup like so:
string password = "password";
string certificate = "IdSrv.pfx";
var cert = new X509Certificate2(
certificate,
password,
X509KeyStorageFlags.MachineKeySet |
X509KeyStorageFlags.PersistKeySet |
X509KeyStorageFlags.Exportable);
services.AddIdentityServer()
.AddApiAuthorization<JccUser, JccContext>()
.AddSigningCredential(cert);
But when trying to run container and mount the path to the certificate I just can't seem to locate the file.
`docker run --rm -it -p 8000:80 -p 8001:443
-e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORT=8001
-e ASPNETCORE_Kestrel__Certificates__Default__Password="password"
-e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/cert.pfx
// for SSL
-v C:\Users\user\.aspnet\https:/https/
// for Identity Server (I tried using the same for both originally)
-v C:\Users\user\.cert\IdSrv.pfx:/IdSrv.pfx
docker-name`
I get Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error
:2006D080:BIO routines:BIO_new_file:no such file
In AppSettings.json I just have the boiler plate
"IdentityServer": {
"Clients": {
"Jcc.Client": {
"Profile": "IdentityServerSPA"
} } },
But as I understand it, I don't need to configure the key in there if I am doing at AddSigningCredentuial().
I must be missing something obvious or have got the wrong end of the stick somewhere?
I am attempting to docker-machine create to a Ubuntu 16.04 host like this:
ssh-keygen -R ${remote_host}
ssh-copy-id -i ~/.ssh/id_host_rsa.pub root#${remote_host}
docker-machine create \
--driver generic \
--generic-ip-address=${remote_host} \
--generic-ssh-key ~/.ssh/id_host_rsa \
--generic-ssh-user=root ${machine_name}
Version information:
docker --version
Docker version 19.03.6, build 369ce74a3c
docker-machine --version
docker-machine version 0.16.2, build bd45ab13
I am repeatedly asked for a password .. Why is this?
Here is the output:
...
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: ERROR: Received disconnect from 77.68.21.66 port 22:2: Too many authentication failures
ERROR: Disconnected from 77.68.21.66 port 22
Running pre-create checks...
Creating machine...
(production) Importing SSH key...
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Password:
Detecting the provisioner...
Password:
Provisioning with ubuntu(systemd)...
Password:
.. etc
The reason for this problem was the ordering of ~/.ssh/config.
I had a Host * entry in config first, before that of my corresponding specific server Host XX.XX.XX.XX entry.
I moved the wildcard entry at the end of ~/.ssh/config and now the password is no longer constantly asked for and the problem is now fixed.
I how this helps someone.
Im trying to get a docker-machine up and running on a Ubuntu 14.04TSL server in our network. I have installed docker+docker-machine on the server and im able to create the docker-machine on the server with this command from my computer:
docker-machine create --driver generic --generic-ip-address 10.10.3.76 --generic-ssh-key "/Users/username/Documents/keys/mysshkey.pem" --generic-ssh-user ubuntuuser dockermachinename
The command above creates the docker-machine and im able to list it with
docker-machine ls
Im able to SSH to it by running
docker-machine ssh dockermachinename
but when i try to connect the server with (-D for debug information)
docker-machine -D env dockermachinename
I get the following message
Docker Machine Version: 0.5.2 ( 0456b9f )
Found binary path at /usr/local/bin/docker-machine-driver-generic
Launching plugin server for driver generic
Plugin server listening at address 127.0.0.1:54213
() Calling .GetVersion
Using API Version 1
() Calling .SetConfigRaw
() Calling .GetMachineName
(dockermachinename) Calling .GetState
(dockermachinename) Calling .GetURL
Reading CA certificate from /Users/username/.docker/machine/certs/ca.pem
Reading server certificate from /Users/username/.docker/machine/machines/dockermachinename/server.pem
Reading server key from /Users/username/.docker/machine/machines/dockermachinename/server-key.pem
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "10.10.3.76:2376": dial tcp 10.10.3.76:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which will stop running containers.
I really need to solve this so all help is appreciated!
On Ubuntu you will need to do following steps:
1. Create user which don't require password
sudo visudo
at the end of file add following line (make sure to specify your username):
username ALL=(ALL:ALL) NOPASSWD: ALL
and then save and exit. And after that add your username to docker group like this (change username with your actual username):
usermod -aG docker username
2. Edit docker config to open 2375 and 2376 ports
sudo systemctl edit docker.service
add following snippet to that file:
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2376 -H tcp://0.0.0.0:2375
then save and exit. After that reload config and restart docker deamon with:
sudo systemctl daemon-reload
sudo systemctl restart docker.service
3. Create docker-machine
Remove existing machine which is failing with:
docker-machine rm machine1
and try to create it one more time like this:
docker-machine create -d generic --generic-ip-address ip --generic-ssh-key ~/.ssh/key --generic-ssh-user username --generic-ssh-port 22 machine1
please change ip, key, username and machine1 with you actual values.
If this produce error like this:
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.0.26:2376": tls: oversized record received with length 20527
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.
then SSH to your machine and cd into following directory:
cd /etc/systemd/system/docker.service.d/
list all files in it with:
ls -l
you will probably have something like this:
-rw-r--r-- 1 root root 274 Jul 2 17:47 10-machine.conf
-rw-r--r-- 1 root root 101 Jul 2 17:46 override.conf
you will need to delete all files except 10-machine.conf with sudo rm.
After that remove machine you created and create it again. It should now work. I hope this helps. Maybe you already steps 1 and 2 if so then skip them and just try to remove override.conf file or any file in that dir which is not 10-machine.conf.